Cloudflare Thwarts Record 11.5 Tbps DDoS Attack

By Tina Reynolds

Cloudflare’s recent announcement that it had successfully mitigated a record-setting distributed denial-of-service (DDoS) attack drew some attention. The attack peaked at an unprecedented 11.5 Tbps, and all of it happened in under 35 seconds. It is part of a wave of increasingly sophisticated, large-scale cyber threats that pose significant risk to a fast-moving digital landscape. The attack underscores the real and ongoing challenges that network security providers face. Users of online and app-based services, news consumers included, want to be protected from such hostile traffic.

Cloudflare reported a significant rise in hyper-volumetric DDoS attacks, especially during Q2 of 2025. During that quarter it documented 6,500 such attacks, up from just 700 in the first quarter. The trend indicates that attackers are honing their tactics and enlarging their scope, and it demonstrates the urgent need for better cybersecurity protections.

Rising Threat of Hyper-Volumetric Attacks

In mid-May 2025, Cloudflare blocked another significant DDoS attack, which peaked at 7.3 Tbps and targeted an unnamed hosting provider. That attack illustrated the escalating frequency and intensity of these events. Cloudflare’s DDoS defenses are always at maximum capacity, and the company is fighting back by deploying DDoS detection and mitigation tools to protect its users.

“Over the past few weeks, we’ve autonomously blocked hundreds of hyper-volumetric DDoS attacks, with the largest reaching peaks of 5.1 Bpps and 11.5 Tbps,” stated a representative from Cloudflare. This preemptive stance is yet another testament to Cloudflare’s overarching goal of service integrity and service availability, even in the face of increasing criminal cyber activity.

Such increases in hyper-volumetric DDoS attacks have caused industry experts to take a closer look at what’s driving these massive attacks. According to Akamai, “the initial impact of a volumetric attack is to create congestion that degrades the performance of network connections to the internet, servers, and protocols, potentially causing outages.” As attackers get more adept at exploiting these kinds of tactics, it’s critical for security teams to continue to be proactive and reactive to changing attack tactics.

The Role of RapperBot in DDoS Attacks

Another new piece of malware that has come into focus during this recent spate of DDoS attacks is RapperBot. It particularly targets network video recorders (NVRs) and other IoT devices. RapperBot exploits recently discovered security vulnerabilities in these devices and enrolls them into a botnet, often without their owners’ knowledge, enabling large-scale DDoS attacks. An analysis recently released by Bitsight exposed RapperBot’s kill chain. Once installed, the malware can rapidly compromise devices and further amplify its malicious operations.

Pedro Umbelino, an expert on cybersecurity, commented on the cleverness of RapperBot’s approach: “No wonder the attackers choose to use NFS mount and execute from that share. This NVR firmware is extremely limited, so mounting NFS is actually a very clever choice.” This approach helps attackers to evade conventional defenses by commandeering known, trusted file systems for nefarious activities.

Moreover, Bitsight noted the methodology employed by attackers in deploying RapperBot: “Their methodology is simple: scan the Internet for old edge devices (like DVRs and routers), brute-force or exploit and make them execute the botnet malware.” This straightforward yet effective strategy highlights the need for device manufacturers and users to prioritize security updates and device management.

Clarifying Misconceptions Around Attack Sources

Early reports stated that the majority of the attack traffic from the recent attacks originated from Google Cloud. Cloudflare was soon forced to walk that back, admitting that these assertions were misleading. This clarification is important because it sheds light on the unique challenges at play when tracing the source of cyber threats. These wrong assumptions can lead to inappropriate responses and obstruct efficient mitigation work.

Moreover, as experts caution, attackers could use volumetric attacks as a diversionary tactic to cover more targeted, sophisticated exploits. Akamai stated, “However, attackers may use volumetric attacks as a cover for more sophisticated exploits, which we refer to as ‘smoke screen’ attacks.” Attackers leverage these tactics to gain access to networks while security teams focus their efforts on the more immediate threat: the high-volume traffic in front of them.